Biz & IT —

Recharged, Boeing’s Dreamliner gets cleared for takeoff

New battery design passes "rigorous tests" under FAA scrutiny

More than three months after being grounded due to a fire on a Japan Airlines plane in Boston, Boeing's 787 Dreamliners have been given approval to take to the skies again—including on transoceanic flights—once they have been outfitted with modifications that passed testing under the FAA's scrutiny. The planes could be in the air again as early as next week.

In a prepared statement, FAA Administrator Michael Huerta said, “A team of FAA certification specialists observed rigorous tests we required Boeing to perform and devoted weeks to reviewing detailed analysis of the design changes to reach this decision.”

The Boston fire was the result of thermal runaway, a condition that occurs when a lithium-ion battery's temperature rises above 300 degrees Fahrenheit. Once the cell reaches that temperature, chemical reactions within the cell cause it to continue to overheat, potentially exploding and venting gases that could combine with combustible materials and catch fire. The rising heat in the cell could also cause a cascading effect with other cells. Multiple short circuits in one cell of the JAL 787's battery led to the thermal runaway, which did cascade to other cells and caused the battery to rupture and catch fire.

The new, improved battery system's design has been altered to prevent the sort of fault that led to the Boston fire and the failure of a battery on an All Nippon Airways 787 in January. There is added insulation between each cell to prevent a short-circuit within the lithium-ion cells from cascading to others.

Even if the battery does fail and overheat, Boeing officials said, its new sealed steel enclosure system, with cooling and venting, will prevent a fire and contain the problem to the battery itself, protecting the rest of the aircraft. As part of testing, propane was used to create a small explosion inside the enclosure, which was successfully kept contained within it. Boeing claims that the enclosure will not only isolate a possible battery failure from the rest of the aircraft's components, but that passengers won't even notice if a failure occurs.

There are some unanswered questions that remain. Boeing was never able to replicate the failure that caused the Japan Air Lines 787 to catch fire in its tests of the old design. And considering that the original reason Boeing selected lithium-ion batteries for the 787 was their relatively low weight, the additional provisions would seem to cancel out much of the benefit of the technology.

The decision by the FAA also means that Boeing can resume delivery of new 787s to customers. According to Boeing, the company expects to be able to deliver all of the planes scheduled for 2013 to customers by year's end.

Sean Gallagher
Sean is Ars Technica's IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland. Emailsean.gallagher@arstechnica.com//Twitter@thepacketrat

64 Reader Comments

"And considering that the original reason Boeing selected lithium-ion batteries for the 787 was their relatively low weight, the additional provisions would seem to cancel out much of the benefit of the technology."

While this is true, if you consider all the bets on new technology that Boeing made in the aircraft, if turning a weight savings into a weight gain on the battery system is the worst thing that happens, then they'll have done an amazing job. I'm certain that they lost some other technical bets as well, and they probably won some that ended up on the other side of the ledger. While we mostly know about the things that have been wrong with this program, they have really pushed the envelope considerably. The -9 roll in a lot of "lessons learned," as will the 777 replacement and other 787derivatives for the next 20 years.

I think whole focus on mitigation of a failing battery is the result of a failure of their whole development process for these batteries. While there needs to be mitigation as a secondary factor, the PRIMARY issue is preventing the batteries from shorting out in the first place, and they haven't really made any progress on that issue, and they admit it.

This reminds me of the Challenger disaster and the whole broken design process revealed by Richard Feynman: Them: "Our O-rings are failing, but we have monitored how they fail and have never had a complete burn-through" Him: "Uh, your design process should be to make sure to the O-rings AREN'T FAILING IN THE FIRST PLACE."

I sure don't want to be on a plane with a cell in one of these huge batteries shorting out, getting red-hot and venting toxic fumes, mitigation factors or no.

The only thing that gives me pause is that they weren't able to replicate the failure of the Japan Airlines incident. In software, a bug that's replicable is as good as solved. The unreplicable ones...

I think whole focus on mitigation of a failing battery is the result of a failure of their whole development process for these batteries. While there needs to be mitigation as a secondary factor, the PRIMARY issue is preventing the batteries from shorting out in the first place, and they haven't really made any progress on that issue, and they admit it.

This reminds me of the Challenger disaster and the whole broken design process revealed by Richard Feynman: Them: "Our O-rings are failing, but we have monitored how they fail and have never had a complete burn-through" Him: "Uh, your design process should be to make sure to the O-rings AREN'T FAILING IN THE FIRST PLACE."

If you can't replicate the problem, you can't really figure out what went wrong. It was probably a manufacturing problem, which means it isn't a problem with the design, and there isn't really anything you can do to fix it (because it isn't actually a problem, outside that single battery).

"And considering that the original reason Boeing selected lithium-ion batteries for the 787 was their relatively low weight, the additional provisions would seem to cancel out much of the benefit of the technology."

While this is true, if you consider all the bets on new technology that Boeing made in the aircraft, if turning a weight savings into a weight gain on the battery system is the worst thing that happens, then they'll have done an amazing job. I'm certain that they lost some other technical bets as well, and they probably won some that ended up on the other side of the ledger. While we mostly know about the things that have been wrong with this program, they have really pushed the envelope considerably. The -9 roll in a lot of "lessons learned," as will the 777 replacement and other 787derivatives for the next 20 years.

My question is, has the weight actually increased enough to make it a fail? Insulation itself can be fairly light, depending on the type, so I doubt that added significant weight. The bracing to contain an explosion probably added some weight, but how significant is that compared to what they'd lose in switching technology? I'm going off the chart found on this site.

Everyone focuses on the battery (for obvious and good reasons) but they most ignore the positives of this design. Just doing away with the hydraulics for the flight controls is a huge step and one that could save everyone from Boeing to the maintenance companies tons of money in maintenance down time. Going from a few thousand parts under very high levels of stress to a handful of parts (literally since electric motors have one moving part) that aren't as highly strung could improve reliability as well. The advantages of this design are huge, it's just a shame the battery is getting all the attention. This aircraft is a pretty badass piece of kit.

I don't have not ever worked for Boeing. It just think it's a beautiful piece of engineering from nose to tail.

I think whole focus on mitigation of a failing battery is the result of a failure of their whole development process for these batteries. While there needs to be mitigation as a secondary factor, the PRIMARY issue is preventing the batteries from shorting out in the first place, and they haven't really made any progress on that issue, and they admit it.

This reminds me of the Challenger disaster and the whole broken design process revealed by Richard Feynman: Them: "Our O-rings are failing, but we have monitored how they fail and have never had a complete burn-through" Him: "Uh, your design process should be to make sure to the O-rings AREN'T FAILING IN THE FIRST PLACE."

If you can't replicate the problem, you can't really figure out what went wrong. It was probably a manufacturing problem, which means it isn't a problem with the design, and there isn't really anything you can do to fix it (because it isn't actually a problem, outside that single battery).

"...you can't really figure out what went wrong. It was probably..." Those are the kind of words that are said when an engineering design process fails. If they don't know what went wrong, they can't claim to have fixed the problem. I guarantee you the original battery design requirements didn't include a cell failure rate like the one that they have experienced. To then accept a higher failure rate after the fact by adding mitigation factors to get it flying again is exactly the kind of slippery slope that led to the Challenger disaster.

In designing systems of this criticality, brushing ANY kind of original design failure under the rug without examining why the PROCESS didn't catch that earlier, so that you can be sure it doesn't happen again, is a sign of design process failure. Period. What is going on is a politically-driven attempt to get these things flying again because of the high cost to Boeing and the US for every day they sit idle. That is not good engineering.

My first thought is that it would take longer than 3 months to remanufacture this battery in quantity and test it with the FAA watching. So it is more likely in my opinion that they switched battery suppliers. I can see the company who was snubbed due to the cost of their batteries (which were built much better) feeling very smug when Boeing came back with their heads bent low asking for that battery package that they initially turned down.

[quote="[url=http://arstechnica.com/civis/viewtopic.php?p=24329629#p24329629]AreWeThereYeti[/urlTo then accept a higher failure rate after the fact by adding mitigation factors to get it flying again is exactly the kind of slippery slope that led to the Challenger disaster.[/quote]How is that? What mitigation factors did they apply to the STS before Challenger?

My understanding was that the problem with Challenger was that they just decided partial burn-through was no big deal, not that they applied mitigation instead of a full redesign.

I'm not sure exactly what you even mean by "mitigation". How is "mitigation" different than "redesigning based on new information"? Are you implying that any time there is any kind of problem the only potential solution is a clean-sheet redesign?

"And considering that the original reason Boeing selected lithium-ion batteries for the 787 was their relatively low weight, the additional provisions would seem to cancel out much of the benefit of the technology."

I don't think you can say this unless you know the total weight of the batteries using an alternate chemistry (NiMH or NiCad, I assume). I would guess that the Lithium battery pack, even with it's new safety hardware, is still a smaller and lighter package then a NiMH package of the same capacity and voltage.

I think whole focus on mitigation of a failing battery is the result of a failure of their whole development process for these batteries. While there needs to be mitigation as a secondary factor, the PRIMARY issue is preventing the batteries from shorting out in the first place, and they haven't really made any progress on that issue, and they admit it.

This reminds me of the Challenger disaster and the whole broken design process revealed by Richard Feynman: Them: "Our O-rings are failing, but we have monitored how they fail and have never had a complete burn-through" Him: "Uh, your design process should be to make sure to the O-rings AREN'T FAILING IN THE FIRST PLACE."

If you can't replicate the problem, you can't really figure out what went wrong. It was probably a manufacturing problem, which means it isn't a problem with the design, and there isn't really anything you can do to fix it (because it isn't actually a problem, outside that single battery).

"...you can't really figure out what went wrong. It was probably..." Those are the kind of words that are said when an engineering design process fails. If they don't know what went wrong, they can't claim to have fixed the problem. I guarantee you the original battery design requirements didn't include a cell failure rate like the one that they have experienced. To then accept a higher failure rate after the fact by adding mitigation factors to get it flying again is exactly the kind of slippery slope that led to the Challenger disaster.

In designing systems of this criticality, brushing ANY kind of original design failure under the rug without examining why the PROCESS didn't catch that earlier, so that you can be sure it doesn't happen again, is a sign of design process failure. Period. What is going on is a politically-driven attempt to get these things flying again because of the high cost to Boeing and the US for every day they sit idle. That is not good engineering.

True. It is not good engineering. But it is good business.... right up to another battery exploding in the months ahead and engineers saying "told you so" to their bosses (managers) and another grounding and really really bad publicity.

So it isn't good business either.

I suspect there are engineers at Boeing who saw this coming and warned. But no one listened.

I was involved in the testing and have seen the new battery enclosure in person. It is made of stainless steel. The battery case itself is virtually unchanged; all of the redesign involved the cells and their placement and connections inside the case. The enclosure will contain a battery failure and vent the gasses outside the airplane, while at the same time minimizing the amount of oxygen available.

These battery failures were/are never a flight risk. There are 2 batteries in separate locations in the lower lobe of the airplane, which means below the passenger floor. With the original design even a worst case scenario where the fire managed to penetrate the fuselage was not enough to cause the airplane to crash.

One major reason for sticking with the Lithium Ion batteries is the entire electrical system was designed to take advantage of both their power AND size. Changing to another battery chemistry would require major system redesigns that could have taken years.

Yes, there were plenty of people that expressed concerns about the choice of battery chemistry.

^^ That's all true. But bad PR is bad PR. Once the word got out to the media and the general public that these things are catching on fire, it won't matter that the simulations show total battery failure not a flight risk. The 787 will be grounded again if there's another fire. People aren't logical when it comes to airline safety, or really any safety (see: the war on terror). They think with their emotions. Also, there isn't a single manager at FAA or at Boeing or at airlines with balls big enough to go against the public opinion and continue flying the 787 after another fire, citing tests showing the fire isn't a flight risk. The plane will be grounded because no one will be willing to absorb the liability.

My first thought is that it would take longer than 3 months to remanufacture this battery in quantity and test it with the FAA watching. So it is more likely in my opinion that they switched battery suppliers. I can see the company who was snubbed due to the cost of their batteries (which were built much better) feeling very smug when Boeing came back with their heads bent low asking for that battery package that they initially turned down.

The battery supplier, GS Yuasa, is well known. What have you seen to suggest they've changed to a new, unnamed battery supplier?

My first thought is that it would take longer than 3 months to remanufacture this battery in quantity and test it with the FAA watching. So it is more likely in my opinion that they switched battery suppliers. I can see the company who was snubbed due to the cost of their batteries (which were built much better) feeling very smug when Boeing came back with their heads bent low asking for that battery package that they initially turned down.

The supplier has not changed. That would have taken years.

We were able to do it in 3 months because there was a dedicated team of people around the world working literally around-the-clock.

On Topic: I agree with AreWeThereYeti that mitigation of the consequences isn't exactly the same as solving the problem. This gives me some pause, but hopefully advancements can be made to make these batteries a little less susceptible to runaway.

...How is that? What mitigation factors did they apply to the STS before Challenger?

My understanding was that the problem with Challenger was that they just decided partial burn-through was no big deal, not that they applied mitigation instead of a full redesign.

I'm not sure exactly what you even mean by "mitigation". How is "mitigation" different than "redesigning based on new information"? Are you implying that any time there is any kind of problem the only potential solution is a clean-sheet redesign?

The point is that they are on a slippery slope of design changes. If your original design is that it is not acceptable for batteries short out and burst into flame on an airplane in flight, you don't respond to finding batteries shorting out and bursting into flame by turning around and just accept that there will be batteries shorting out and bursting into flame, and try to "mitigate" that fact with stronger containers, venting etc. You go back and do what is necessary to make sure that they don't short out and burst into flame in the first place, and you don't fly those batteries until you have done that work. If that causes huge problems for Boeing, so be it- it is their own fault for not ensuring this wouldn't happen and having contingency plans in the first place.

[quote=AreWeThereYeti"]"...you can't really figure out what went wrong. It was probably..." Those are the kind of words that are said when an engineering design process fails. If they don't know what went wrong, they can't claim to have fixed the problem. I guarantee you the original battery design requirements didn't include a cell failure rate like the one that they have experienced. To then accept a higher failure rate after the fact by adding mitigation factors to get it flying again is exactly the kind of slippery slope that led to the Challenger disaster.

In designing systems of this criticality, brushing ANY kind of original design failure under the rug without examining why the PROCESS didn't catch that earlier, so that you can be sure it doesn't happen again, is a sign of design process failure. Period. What is going on is a politically-driven attempt to get these things flying again because of the high cost to Boeing and the US for every day they sit idle. That is not good engineering.[/quote]

What exactly is the problem Boeing is trying to fix? They couldn't replicate the problem with the batteries, they changed the system so that a thermal runaway would be safely contained. Sounds to me like they solved the basic problem, that of battery safety. That really is the idea behind aircraft safety, to design the aircraft so that it's as safe as possible but recognizing that perfect safety is impossible, when a part fails, it and the systems associated with it should not fail catastrophically. You see this philosophy all through aircraft design. When Australian Airlines had an uncontained engine failure on their Airbus 880 out of Singapore they were able to make an emergency landing even though when the engine let go shrapnel severed some hydraulic systems and reduced control input.

...What exactly is the problem Boeing is trying to fix? They couldn't replicate the problem with the batteries, they changed the system so that a thermal runaway would be safely contained. Sounds to me like they solved the basic problem, that of battery safety. That really is the idea behind aircraft safety, to design the aircraft so that it's as safe as possible but recognizing that perfect safety is impossible, when a part fails, it and the systems associated with it should not fail catastrophically. You see this philosophy all through aircraft design. When Australian Airlines had an uncontained engine failure on their Airbus 880 out of Singapore they were able to make an emergency landing even though when the engine let go shrapnel severed some hydraulic systems and reduced control input.

How is it you don't see what the problem is they are trying to fix? The problem is right there in front of you, despite your attempts to deflect the failure onto the containment system: the problem is batteries shorting out and bursting into flame. You would be right if their original design specs assumed battery failure and accepted that batteries would be doing this in flight, but they didn't do that. Meaning their original design decision to use lithium-ion batteries was based on a FAULTY ASSUMPTION. It is HIGHLY possible that if they had know this would happen, they would have used a different battery type like NiMH, you know, like Airbus has done in the wake of this incident.

To proceed with a battery type that was chosen using faulty reliability assumptions and then try to design around the failure of those assumptions by adding better containment and mitigation without truly revisiting whether Lithium Ion was the wrong choice in the first place is BAD DESIGN.

edit: The acid test of whether I am right or not will become clear based on the responses of other airplane manufacturers. If people continue to adopt more Lithium Ion designs and just contain them better, then I am wrong. If they avoid Lithium Ion designs and used other safer technologies like NiMH, then I am right. So far, the one datapoint is Airbus, and they are in my column.

My question is, has the weight actually increased enough to make it a fail? Insulation itself can be fairly light, depending on the type, so I doubt that added significant weight. The bracing to contain an explosion probably added some weight, but how significant is that compared to what they'd lose in switching technology? I'm going off the chart found on this site.

The stainless steel enclosure, venting and changes to cell configuration add up to 150 lbs per battery. Considering that each battery itself is only ~72 lbs, this is definitely not ideal, and will eat away the weight savings in going with a Li-Ion battery in the first place. However, there would probably still be a net weight savings in going with the "all-electric" design (technically, only a couple of controls are electrically actuated - H-stab is one I believe, but the hydraulic controls are now powered by electric pumps, which allow for smaller and lighter pumps and tubing). Also, there are efficiency gains by not using bleed air from the engine to drive compressors/pumps.

While the "solution" seems a like a half-assed stopgap measure to me, the issue has also been blown out of proportion, as a burning battery would not lead to a crash. Not Boeing's final hour but far from a fatal blow.

No doubt the -9 and -10 will incorporate more refined solutions (and we might even see these newer fixes retrofitted into new and existing -8s), but Boeing's first order of business is to get these planes safely back into the air so their customers (the airlines) can stay in business.

"The 787 will be grounded again if there's another fire. People aren't logical when it comes to airline safety, or really any safety (see: the war on terror). They think with their emotions. Also, there isn't a single manager at FAA or at Boeing or at airlines with balls big enough to go against the public opinion and continue flying the 787 after another fire, citing tests showing the fire isn't a flight risk. The plane will be grounded because no one will be willing to absorb the liability."

Most people agree there will be another fire. The only question is how soon.

Using a battery with a built-in thermal runaway problem in an airplane with people on board is a disastrous design failure.

They should have switched back to NiCD when they had the chance. It would not have been such a huge redesign problem as people think. They are already using NiCd and have extensive knowledge of the design parameters. Any component that uses batteries has to perform over a wide range of supply voltages. I don't see switching to NiCd would take long. So it's not an engineering issue. It's a political issue, and that will end up costing Boeing a huge amount.

...What exactly is the problem Boeing is trying to fix? They couldn't replicate the problem with the batteries, they changed the system so that a thermal runaway would be safely contained. Sounds to me like they solved the basic problem, that of battery safety. That really is the idea behind aircraft safety, to design the aircraft so that it's as safe as possible but recognizing that perfect safety is impossible, when a part fails, it and the systems associated with it should not fail catastrophically. You see this philosophy all through aircraft design. When Australian Airlines had an uncontained engine failure on their Airbus 880 out of Singapore they were able to make an emergency landing even though when the engine let go shrapnel severed some hydraulic systems and reduced control input.

How is it you don't see what the problem is they are trying to fix? The problem is right there in front of you, despite your attempts to deflect the failure onto the containment system: the problem is batteries shorting out and bursting into flame. You would be right if their original design specs assumed battery failure and accepted that batteries would be doing this in flight, but they didn't do that. Meaning their original design decision to use lithium-ion batteries was based on a FAULTY ASSUMPTION. It is HIGHLY possible that if they had know this would happen, they would have used a different battery type like NiMH, you know, like Airbus has done in the wake of this incident.

To proceed with a battery type that was chosen using faulty reliability assumptions and then try to design around the failure of those assumptions by adding better containment and mitigation without truly revisiting whether Lithium Ion was the wrong choice in the first place is BAD DESIGN.

edit: The acid test of whether I am right or not will become clear based on the responses of other airplane manufacturers. If people continue to adopt more Lithium Ion designs and just contain them better, then I am wrong. If they avoid Lithium Ion designs and used other safer technologies like NiCd, then I am right. So far, the one datapoint is Airbus, and they are in my column.

The solution wasn't just containment. They also redesigned the cells with better insulation to make cascading shorts less likely. The additional containment makes it so that the overheats, despite being less likely, still won't cause a major problem.

There are, of course, minor issues with equipment that happen all the time on a complex system like an airplane. So long as they don't cause a major problem and can be fixed with maintenance in a reasonable way between flights, airlines live with them all the time. Faults are allowed in aircraft systems, they just can't reasonably lead to catastrophes.

The very notion of an all electronic flight control is also risky which is why they can, if needed, drop an air-ram electric generator out the bottom of the airframe if needed. That doesn't mean that electronic flight control is a "BAD DESIGN", it means that a large, multiple system failure won't be catastrophic.

The "acid test" will actually be seeing how many maintenance issues come out of this and how they impact the airlines using the Dreamliner. Let's face it. No one in aviation is going to go with a Lithium-Ion battery until they see how this plays itself out. And if you are counting data points, don't forget to count Boeing as one data point as not being in "your" column.

Redesigning the Dreamliner to use larger NiCd batteries would have caused even more significant delays. The airlines would like to get back into the air just as much as Boeing. If you are correct that the Lithium Ion batteries can never be made usable for aircraft (which I find difficult to believe), then a future upgrade can replace the entire section of the airframe to accommodate the larger, heavier NiCD or NiMH batteries. In the meantime, at least the airframe will be flying safely, making money for the airlines.

I'm not sure exactly what you even mean by "mitigation". How is "mitigation" different than "redesigning based on new information"? Are you implying that any time there is any kind of problem the only potential solution is a clean-sheet redesign?

I think he meant that the additional strengthening is applied instead of redesign based on new information. i.e. Additional steel beans installed on a faulty bridge instead of a new bridge, which sometimes work well and other times don't.

The article doesn't mention when the battery failed, what kind of backup solution is provided? After all, the plane is fly-by-wire, they need power to control the airplane.

They are not the primary power source for the airplane. They are actually only used in-flight to supplement the primary system during periods of higher than normal load, and to run the APU when the airplane is on the ground.

The article doesn't mention when the battery failed, what kind of backup solution is provided? After all, the plane is fly-by-wire, they need power to control the airplane.

Power to fly the plane comes from generators when the engines are running. The batteries are to keep some systems going on the ground when the engines are shut down. They get recharged when the generators are running.

How is it you don't see what the problem is they are trying to fix? The problem is right there in front of you, despite your attempts to deflect the failure onto the containment system: the problem is batteries shorting out and bursting into flame. You would be right if their original design specs assumed battery failure and accepted that batteries would be doing this in flight, but they didn't do that. Meaning their original design decision to use lithium-ion batteries was based on a FAULTY ASSUMPTION. It is HIGHLY possible that if they had know this would happen, they would have used a different battery type like NiMH, you know, like Airbus has done in the wake of this incident.

To proceed with a battery type that was chosen using faulty reliability assumptions and then try to design around the failure of those assumptions by adding better containment and mitigation without truly revisiting whether Lithium Ion was the wrong choice in the first place is BAD DESIGN.

edit: The acid test of whether I am right or not will become clear based on the responses of other airplane manufacturers. If people continue to adopt more Lithium Ion designs and just contain them better, then I am wrong. If they avoid Lithium Ion designs and used other safer technologies like NiMH, then I am right. So far, the one datapoint is Airbus, and they are in my column.

I'm sure you'll agree that it's much easier to see a problem in the batteries Boeing is using after this latest unpleasantness. Lithium Ion batteries have been used on airplanes before this, the F-22 and the F-35 come to mind, and they don't seem to be causing problems on those planes. Technology usually is first used on military aircraft and only later comes over to civilian ones. Fly-by-wire is only one example, GPS, ARINC data links that evolved into ACARS systems, INS, and there are many others. Besides, it isn't known if it was the batteries themselves that caused the problems or some part(s) of the circuity that supports them. I think the biggest problem is that Boeing lost control of the outsourcing that they used. In this case, The system was designed by Thales and they outsourced the battery to Yuasa and the circuit boards to another company. At one time or another in this whole sorry tale each was implicated in one way or another.

The article doesn't mention when the battery failed, what kind of backup solution is provided? After all, the plane is fly-by-wire, they need power to control the airplane.

Power to fly the plane comes from generators when the engines are running. The batteries are to keep some systems going on the ground when the engines are shut down. They get recharged when the generators are running.

There's also an emergency backup ram air turbine (RAT). The RAT is capable of running the planes critical systems by itself, so the only real worry is that something knocked out all electrical or hydraulic connections and power can't get there.

The article doesn't mention when the battery failed, what kind of backup solution is provided? After all, the plane is fly-by-wire, they need power to control the airplane.

Power to fly the plane comes from generators when the engines are running. The batteries are to keep some systems going on the ground when the engines are shut down. They get recharged when the generators are running.

There's also an emergency backup ram air turbine (RAT). The RAT is capable of running the planes critical systems by itself, so the only real worry is that something knocked out all electrical or hydraulic connections and power can't get there.

When you get to a situation where you need to use the RAT on most planes, you're in a lot of trouble. It's nearly always in a 2 engine plane (the A380 and dash 8 747 are exceptions) with a total loss of power. It's a backup only in the sense that "lets hope we have enough airspeed and altitude to have a chance".

A RAT is not part of a remotely viable set of redundant systems if you would expect it to drop out with any regularity - as in more than maybe 2-3 times across all 787s over the next 2 or 3 decades.

When the airlines limited the weights on carry-on for every single passenger on board from 20 lbs to 19 lbs. That will save 400+ lbs right there. How much are these new steel containers weighted? I don't think they are more than 400 lbs? Okay, 400 lbs is not enough? Well, cut 2 lbs more on every carry-on? Now you are getting 800 lbs. How's that sounds? No, you want to slash off even more weights? How about 17 lbs on every carry-on, 15 lbs, 10 lbs? So when limiting the weight on carry-ons would probably off-set the new additional weights, right? Case closed.

The weight of the battery is a non-issue actually. It is its new design that required the battery power to take full control of the system is what attracted their buyers. The light weight battery is just a side show on this new aircraft.

"Yes, folks we have this super super lightest-weighted batteries." It weights less than one lbs.

Oh, big deal. Get over it people.

The whole idea of this light-weighted 787 is its body design. They are made of light-weight fiber glass instead of made of the conventional heavier sheet metals and also its whole operating system rely on battery power to power every electrical equipments on board. Another new technology break through on commercial aircrafts -The fiber glass body and the lithium-ion battery.

Another thing is, there are reasons beside the battery for the FAA to ground this aircraft. Cracks have been found on this fiber glass body on several planes. No one and not even the FAA make any complaints to it until this battery incidents. Don't say the FAA didn't help.

When you get to a situation where you need to use the RAT on most planes, you're in a lot of trouble. It's nearly always in a 2 engine plane (the A380 and dash 8 747 are exceptions) with a total loss of power. It's a backup only in the sense that "lets hope we have enough airspeed and altitude to have a chance".

A RAT is not part of a remotely viable set of redundant systems if you would expect it to drop out with any regularity - as in more than maybe 2-3 times across all 787s over the next 2 or 3 decades.

Yes, if you get to the point where the RAT deploys you are generally having a bad day. It usually means that the generators on both engines have failed (likely along with the engines themselves), the APU has failed, and both backup battery systems have failed.

That being said, claiming that a RAT is not a viable part of aircraft redundant power systems is complete hyperbole. When all else has failed, it provides enough power to keep the most basic systems in the aircraft running, enabling the pilot to make an emergency (or at least controlled) landing. That sounds pretty viable to me... The alternative is that control of the plane is lost followed shortly by a crash.

The fact that an airframe had an unexpected fault the resulted in the RAT deploying is not a sign of bad engineering, rather it is a sign that the aircraft had enough redundancy to get you through your bad day in one piece.

...How is that? What mitigation factors did they apply to the STS before Challenger?

My understanding was that the problem with Challenger was that they just decided partial burn-through was no big deal, not that they applied mitigation instead of a full redesign.

I'm not sure exactly what you even mean by "mitigation". How is "mitigation" different than "redesigning based on new information"? Are you implying that any time there is any kind of problem the only potential solution is a clean-sheet redesign?

The point is that they are on a slippery slope of design changes. If your original design is that it is not acceptable for batteries short out and burst into flame on an airplane in flight, you don't respond to finding batteries shorting out and bursting into flame by turning around and just accept that there will be batteries shorting out and bursting into flame, and try to "mitigate" that fact with stronger containers, venting etc. You go back and do what is necessary to make sure that they don't short out and burst into flame in the first place, and you don't fly those batteries until you have done that work. If that causes huge problems for Boeing, so be it- it is their own fault for not ensuring this wouldn't happen and having contingency plans in the first place.

My troubleshooting yardstick for knowing whether I have identified the root cause of a problem is, "can I turn it on and off?" If I can't do that, then perhaps I can contain the problem. That, for me, is the distinction between mitigation and solving the problem.

When you get to a situation where you need to use the RAT on most planes, you're in a lot of trouble. It's nearly always in a 2 engine plane (the A380 and dash 8 747 are exceptions) with a total loss of power. It's a backup only in the sense that "lets hope we have enough airspeed and altitude to have a chance".

A RAT is not part of a remotely viable set of redundant systems if you would expect it to drop out with any regularity - as in more than maybe 2-3 times across all 787s over the next 2 or 3 decades.

Yes, if you get to the point where the RAT deploys you are generally having a bad day. It usually means that the generators on both engines have failed (likely along with the engines themselves), the APU has failed, and both backup battery systems have failed.

That being said, claiming that a RAT is not a viable part of aircraft redundant power systems is complete hyperbole. When all else has failed, it provides enough power to keep the most basic systems in the aircraft running, enabling the pilot to make an emergency (or at least controlled) landing. That sounds pretty viable to me... The alternative is that control of the plane is lost followed shortly by a crash.

The fact that an airframe had an unexpected fault the resulted in the RAT deploying is not a sign of bad engineering, rather it is a sign that the aircraft had enough redundancy to get you through your bad day in one piece.

My point was that the rest of the back-up systems aren't viable if they mean you actually expect to use the RAT in some failure scenarios.

Before the FAA made this announcement yesterday on 4/20, Boeing had announced a week earlier that it was going to be allowed to fly the plane again. Being the suspicious person I am, and knowing that a lot of Congressmen are invested in Boeing, it makes me wonder how Boeing was able to forecast the future so well. Now we have a fix to a problem they know nothing about. It doesn't give me a warm and fuzzy feeling to imagine myself as a passenger on that plane.

Before the FAA made this announcement yesterday on 4/20, Boeing had announced a week earlier that it was going to be allowed to fly the plane again. Being the suspicious person I am, and knowing that a lot of Congressmen are invested in Boeing, it makes me wonder how Boeing was able to forecast the future so well. Now we have a fix to a problem they know nothing about. It doesn't give me a warm and fuzzy feeling to imagine myself as a passenger on that plane.

When working with a large number of talented and conscientious engineers on a complex project, it's reasonable to assume that the decision is made well before it gets to the politicians, and a week's delay is just a matter of the wheels of bureaucracy.

You don't imagine the congressmen are the ones reviewing the final specifications, do you?